My Writing

• Communication One-Year Anniversary of this Blog
• Tools When Successful Security Measures Are Taken For Granted
  When security controls consistently protect without incident, beneficiaries may question their value: "No breaches recently—why do we need a CISO?" Collect meaningful metrics showing safeguards are...
• Social Networking Explaining Computer Security Terms to Ordinary People
  Technical jargon that security professionals use daily may be meaningless to non-IT people. A collaborative effort with SANS Institute defines commonly-used security terms like firewall, exploit, and...
• Social Networking Twitter Social Networking Among Information Security People
  Twitter offers three-fold value for security professionals: discovering curated content (users act as content curators), interacting with peers (social stigmas almost non-existent), and researching...
• Incident Response 9 Convenient Lies in Information Security
  Common security claims are often oversimplifications: encryption alone doesn't secure data, compliance doesn't address all necessary controls, security seals reflect limited scans, background checks...
• Malware 5 Events in 2011 That Challenged Online Security and Trust Assumptions